Community
Technology Blog Posts by SAP
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

CAP-JAVA implementation for Authorization Management Service (AMS)

Harvey_Yao
Associate
Associate
‎2024 Dec 27 9:35 AM
1,736

Basic concept of AMS

To learn the basic concept of AMS, like what is Authorization Management Service (AMS), how it works and what is the Policy, you can refer to the article writen by @kevin_li .

Authorization Management Service in SAP Cloud Identity Service 

This Blog is specifically to introduce one of the implementation of AMS in our project, that is, how CAP-JAVA based application integrate with AMS.

General dev flow

Assume that you already have a fine run CAP-JAVA application, you can simply follow this steps to integrate AMS to your application:

dev flow.png

Make sure you are using the latest version of these dependencies.

First include the ams dependency in your package.json.

 

 

 

 

  "devDependencies": {
    "@sap/ams-dev": "^2"
  },
  "dependencies": {
    "@sap/cds-dk": "^8.6.0"
  },

 

 

 

 

 Run the following command to add AMS to your project.

 

 

 

 

npm i
cds add ias
cds add ams

 

 

 

 

It automatically add the related dependencies in your srv/pom.xml, make sure you are using the latest version. (**At least >= 2.0.0**)

 

 

 

 

<sap.cloud.security.ams.version>2.0.0</sap.cloud.security.ams.version>

 

 

 

 

If you are using DwC(if you don't use it, skip this step), Upgrade your sap.cloud.sdk to version >= 5.12.0. The DwC Auth token issue has been fixed from this version.

<cloud-sdk.version>5.15.0</cloud-sdk.version>

 

 

 

 

    <!-- Deploy with Confidence -->
    <dependency>
      <groupId>com.sap.dwc</groupId>
      <artifactId>util-cap</artifactId>
      <version>${dwc.version}</version>
      <exclusions>
        <exclusion>
          <groupId>com.sap.dwc</groupId>
          <artifactId>util-mutual-authentication</artifactId>
        </exclusion>
      </exclusions>
    </dependency>

 

 

 

 

 

Authorization Model Design

Follow the guide provided by CAP, you can use annotations to restrict the authorization of APIs and Entities.

Official guideline by cloud-authorization-client-library-java gives a very detailed information of how to handle it.

[removed by moderator]

Assign and check your policy

Again, Li's article gives a very general introduction of how to do this.

Authorization Management Servic e in SAP Cloud Identity Service 

1 Comment